
Image Source: https://www.okta.com/identity-101/what-is-ldap/
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP is based on a simpler subset of the standards contained within the X.500 standard, making it easier to implement and use.
Key Features and Operations
Directory Services: LDAP is used to provide a central place to store usernames, passwords, and other directory information. This allows different applications and services to connect to the LDAP server to validate users. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
LDAP Models
LDAP can be explained using four models:
Information Model: Describes the structure of information stored in an LDAP directory. Entries represent objects of interest in the real world, such as people, servers, or organizations.
Naming Model: Describes how information in an LDAP directory is organized and identified. Entries are organized in a tree-like structure called the Directory Information Tree (DIT).
Functional Model: Defines operations for accessing and modifying directory entries, such as searching, adding, deleting, and modifying entries.
Security Model: Describes how information in an LDAP directory can be protected from unauthorized access. It is built around the Bind operation, which authenticates the client and establishes the identity against which later access decisions are made.
Common LDAP Operations
Bind: Authenticate and specify the LDAP protocol version
Search: Search for and/or retrieve directory entries
Add: Insert a new entry into the directory-server database
Delete: Remove an entry from the directory
Modify: Make changes to existing entries
Modify DN: Move or rename an entry
Unbind: Close the connection
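The naming model (entries addressed by a Distinguished Name in the DIT) and the Search operation are the two places where a client most often builds protocol strings from values it did not choose itself. The Python example below is added here and is not taken from the page; it shows the RFC 4514 escaping a DN attribute value needs, a DN splitter that exposes the tree structure, and the RFC 4515 escaping a search-filter value needs, with an unescaped variant kept only to show why a single '*' in the input changes the meaning of a login lookup. It uses only the standard library and all function names are the example's own.

```python
# Added example (not from the page): composing DNs and search filters so that
# user-supplied values cannot change their structure. Stdlib only.
# RFC 4514 escaping for DN attribute values, RFC 4515 escaping for filter values.

# RFC 4514: characters that must be escaped anywhere in an RDN attribute value.
_DN_SPECIAL = {'"', '+', ',', ';', '<', '>', '\\'}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a Distinguished Name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:                 # a leading '#' would read as a hex-encoded value
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == last):  # leading/trailing spaces are significant
            out.append('\\ ')
        elif ch == '\x00':
            out.append('\\00')
        else:
            out.append(ch)
    return ''.join(out)


def build_dn(*rdns):
    """Compose a DN from (attribute, value) pairs, most specific component first."""
    return ','.join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def split_dn(dn: str):
    """Split a DN into its RDN strings, honouring backslash escapes (naming model)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):          # escaped char: keep the pair verbatim
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ',':
            rdns.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append(''.join(cur))
    return rdns


def parent_dn(dn: str) -> str:
    """The entry one level up in the Directory Information Tree."""
    return ','.join(split_dn(dn)[1:])


# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {'\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\x00': '\\00'}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside a search filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(username: str) -> str:
    """Login lookup filter with the user-supplied value escaped: '*' stays a literal."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def unsafe_user_search_filter(username: str) -> str:
    """Same filter built by plain concatenation, kept only to show the defect:
    a '*' in the input turns the equality match into a wildcard."""
    return f"(&(objectClass=person)(uid={username}))"


if __name__ == "__main__":
    dn = build_dn(("cn", "Doe, John"), ("ou", "people"), ("dc", "example"), ("dc", "com"))
    print(dn)                              # cn=Doe\, John,ou=people,dc=example,dc=com
    print(parent_dn(dn))                   # ou=people,dc=example,dc=com
    print(user_search_filter("*"))         # (&(objectClass=person)(uid=\2a))
    print(unsafe_user_search_filter("*"))  # (&(objectClass=person)(uid=*))
```

The escaped filter asks the server for a user literally named "*", which matches nothing; the concatenated one asks for every person entry. The same rule applies to any value that ends up in a DN, for example when a client composes the DN it will pass to Bind from a submitted username.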
Security: LDAP supports secure communication either through the LDAPv3 StartTLS extension, which upgrades an already-open connection to Transport Layer Security (TLS), or through an SSL/TLS tunnel (LDAPS); the default port for LDAP over SSL is 636. The StartTLS operation establishes Transport Layer Security on the connection, providing data confidentiality and integrity protection.
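StartTLS is an LDAPv3 extended operation: the client sends an ExtendedRequest whose requestName is the StartTLS OID 1.3.6.1.4.1.1466.20037, the server answers with an ExtendedResponse, and only a success result (code 0) for that request allows the client to wrap the same socket in TLS. The Python example below is added here and is not from the page; it encodes that request with hand-rolled BER, decodes a server response (constructed for the demo, not captured), and builds the verifying SSLContext the socket should then be wrapped with. Message layouts follow RFC 4511; the function names are the example's own.

```python
# Added example (not from the page): the StartTLS exchange on the wire.
# Message layouts follow RFC 4511 (LDAPMessage / ExtendedRequest / ExtendedResponse)
# with BER encoding; the server replies below are constructed, not captured.
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # requestName of the StartTLS extended operation


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(content)) + content


def _ber_int(n: int) -> bytes:
    """INTEGER (tag 0x02), two's complement, minimal octets."""
    body = n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    req_name = _tlv(0x80, STARTTLS_OID.encode("ascii"))   # [0] LDAPOID, context-specific
    ext_req = _tlv(0x77, req_name)                         # [APPLICATION 23] constructed
    return _tlv(0x30, _ber_int(message_id) + ext_req)      # outer SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes) -> dict:
    """Decode the ExtendedResponse a server sends back for StartTLS."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)                       # messageID INTEGER
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:                                        # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(resp, 0)                      # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(resp, pos)                # matchedDN LDAPDN
    _, diag, pos = _read_tlv(resp, pos)                    # diagnosticMessage LDAPString
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": int.from_bytes(code, "big", signed=True),
            "diagnostic": diag.decode("utf-8")}


def starttls_succeeded(response: bytes, expected_id: int = 1) -> bool:
    """Only a success (0) result for our own message ID allows the TLS upgrade to proceed."""
    r = parse_extended_response(response)
    return r["message_id"] == expected_id and r["result_code"] == 0


def client_tls_context(ca_file=None) -> ssl.SSLContext:
    """Context to wrap the socket with after StartTLS succeeds (or for LDAPS on 636):
    certificate verification on, hostname checked, nothing older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """Check a context before use: CERT_NONE or an unchecked hostname accepts any peer."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def sample_extended_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Constructed stand-in for a server reply (demo input, not a real capture)."""
    body = _tlv(0x0A, bytes([result_code])) + _tlv(0x04, b"") + _tlv(0x04, diagnostic.encode())
    return _tlv(0x30, _ber_int(message_id) + _tlv(0x78, body))


if __name__ == "__main__":
    print(starttls_request(1).hex())
    ok = sample_extended_response(1, 0)
    print(starttls_succeeded(ok))                                    # True
    refused = sample_extended_response(1, 52, "TLS not supported")   # 52 = unavailable
    print(starttls_succeeded(refused))                               # False
    print(context_is_strict(client_tls_context()))                   # True
```

A client that expects TLS must treat a non-zero result code, or a response for a different message ID, as failure and close the connection rather than carry on in plaintext; LDAPS on port 636 avoids the upgrade step altogether, but the same verifying context applies to it.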
Advantages
Data Availability: Data present in LDAP is available to many clients and libraries
Support for Various Applications: LDAP supports many types of applications
Basic Security: LDAP itself provides only basic security features, namely client authentication through the Bind operation and transport protection through TLS
Disadvantages
Relational Database Handling: LDAP directories are hierarchical and do not handle relational data well; they are not a substitute for a relational database
LDAP is widely used in various applications, including Microsoft Active Directory, which uses LDAP as the basis for its directory services. It is a powerful protocol for managing and accessing directory information in a networked environment.
Further Reading:
Lightweight Directory Access Protocol – Wikipedia
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Lightweight Directory Access Protocol (LDAP) – GeeksforGeeks
https://www.geeksforgeeks.org/lightweight-directory-access-protocol-ldap/
What is LDAP | Microsoft Learn
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/what-is-ldap